The future of legal cyber awareness training
BY SproutIT

Businesses in the legal sector are a potential goldmine for cyber criminals, with confidential client records offering rich pickings.



The kind of information that circulates daily in the industry – banking records, company accounting reports, address details, and insurance records – can be extremely valuable to cyber criminals. Identity theft, IP theft and bank fraud are just some of the hacker’s potential gains.


But what can law firms do to reduce the chances of a successful data breach?

Different people are susceptible to different forms of cyber attack, and analysing this victimology can be vital in helping IT leaders in law firms reduce their cyber risk profile. By identifying the most prevalent risk factors, the psychological basis for these risks and the profile of the roles most affected by them, law firms and Barristers' Chambers can determine the best methods for their IT to mitigate these risks in the legal sector.




Training the brain to tackle cyber risk

The emotional brain is stronger and quicker than the logical brain and this can cause people to make incorrect and rash decisions where cyber security is concerned. This is especially true in high pressure work environments. A combination of high standards and a heavy workload makes it easy for a tired brain to look for a quick fix in order to get onto the next task. Impulsive and emotional decisions are more common in this state and these can lead to a security breach.


Once law firms and Barristers' Chambers begin to take a modern, psychologically-minded approach to their cyber security, they’ll find an actual, tangible change in online behaviour. By accounting for this ‘human factor’ in cyber security – a combination of psychology and education – law firms can start to seal the cracks in their cyber defences and reduce the chances of succumbing to a data breach. Whether a firm wishes to prevent phishing, malware, password attacks or ransomware, employees can be a first line of defence.


A good cyber security strategy starts with people.

The National Cyber Security Centre found that even though 75% of respondents ran ongoing awareness programmes, only 15% exhibited the positive behaviours and heightened awareness the programme was designed to create.


It’s one thing to train staff; it’s quite another thing for staff to act on that training. Through awareness raising and training we are suggesting that the rational brain can be increasingly accessed to form a more effective mindset in tackling cyber risk. Organisations need their people to have a curious and questioning brain, but one that follows cyber security processes even when under internal or external pressures: that ideal mix of the emotional and rational.


Ciaran Martin, CEO of the National Cyber Security Centre: “[Businesses need to] get serious about understanding the human being in all this… I think this is the most important shift in thinking over the past year or so, the wider recognition of the importance of the user... To get cyber security right, we need to connect those human factors to that Boardroom conversation.”


What doesn't work

  • The tick box approach: taking a check box approach assumes that everything will be OK if firms comply with a set of rules or training standards.
  • The training manual approach: overwhelming staff with technical information or giving staff unwieldy ‘training manuals’ is ineffective; simply reading facts doesn’t mean those facts will be acted on.
  • The one-off training session approach: these painfully unengaging marathon sessions have little impact due to the required concentration for the training to be consumed.
  • The “doom and gloom” approach: simply telling individuals how damaging a cyber attack could be won’t elicit changes in behaviour. It can increase the danger of ‘data breach fatigue’, which can be counter-productive in changing behaviour.

What does work

  • A behavioural approach: education needs to transform human psychology itself and fight against our instinctual human emotions – analogue instincts must be adapted for the digital age.
  • A bite-size approach: it’s well documented within educational psychology that people digest more information in smaller, regular bites.
  • An adaptive, individualised approach: different people learn in different ways so incorporate a variety of video, text and images to cater for the individual.
  • A modern approach: embrace modern technology that enables training to be done at a time and place convenient for the individual.
  • A verified approach: individuals should be tested to ensure they have retained information adequately and would be able to act on that information.

CyberAware powered by CybSafe - The future of cyber resilience training

Sprout IT's new cyber resilience training partner, CybSafe, provides an intelligent approach to cyber resilience training that puts data at your fingertips and helps you measure, understand and reduce human cyber risk whilst improving cyber security awareness, behaviour and culture within your organisation. To speak with one of our team members about , please call us on 020 7036 8530 or contact us here.


To learn more about our cyber resilience service please check out our CyberAware Powered By CybSafe page. 




About this post 

The content is an excerpt from CybSafe's Tackling the Human Aspect of Cyber Security: The Psychology of a Law Firm, available to download from here. Sprout IT is a certified partner of CybSafe.


